Don't lie about Kerberos and encryption.

Result of a conversation with pjanzen@
ok deraadt@

3 files changed, 17 insertions, 24 deletions

diff --git a/usr.bin/rlogin/rlogin.1 b/usr.bin/rlogin/rlogin.1
index 2683f974537..c569b35d6ae 100644
--- a/usr.bin/rlogin/rlogin.1
+++ b/usr.bin/rlogin/rlogin.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: rlogin.1,v 1.8 2001/05/01 17:58:04 aaron Exp $
+.\"	$OpenBSD: rlogin.1,v 1.9 2001/06/23 22:14:30 hin Exp $
 .\"	$NetBSD: rlogin.1,v 1.4 1995/08/18 15:07:35 pk Exp $
 .\"
 .\" Copyright (c) 1983, 1990, 1993
@@ -42,7 +42,7 @@
 .Nd remote login
 .Sh SYNOPSIS
 .Ar rlogin
-.Op Fl 8EKLdx
+.Op Fl 8EKLd
 .Op Fl e Ar char
 .Op Fl k Ar realm
 .Op Fl l Ar username
@@ -108,17 +108,6 @@ in realm
 .Ar realm
 instead of the remote host's realm as determined by
 .Xr krb_realmofhost 3 .
-.It Fl x
-The
-.Fl x
-option turns on
-.Tn DES
-encryption for all data passed via the
-rlogin session.
-This may impact response time and
-.Tn CPU
-utilization, but provides
-increased security.
 .It Fl l Ar username
 The
 .Fl l
@@ -203,3 +192,8 @@ will be replaced by
 in the near future.
 .Pp
 More of the environment should be propagated.
+.Pp
+.Nm
+does currently not support encryption of the datastream when Kerberos
+authentication is used.
+
diff --git a/usr.bin/rsh/rsh.1 b/usr.bin/rsh/rsh.1
index 8c06f6a26ee..6db16d75819 100644
--- a/usr.bin/rsh/rsh.1
+++ b/usr.bin/rsh/rsh.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: rsh.1,v 1.8 2000/11/09 17:52:35 aaron Exp $
+.\"	$OpenBSD: rsh.1,v 1.9 2001/06/23 22:14:28 hin Exp $
 .\"
 .\" Copyright (c) 1983, 1990 The Regents of the University of California.
 .\" All rights reserved.
@@ -93,11 +93,6 @@ Redirect input from the special device
 (see the
 .Sx BUGS
 section of this manual page).
-.It Fl x
-Enable
-.Tn DES
-encryption for all data exchange.
-This may introduce a significant delay in response time.
 .El
 .Pp
 If no
@@ -181,3 +176,7 @@ Stop signals stop the local
 .Nm
 process only; this is arguably wrong, but currently hard to fix for reasons
 too complicated to explain here.
+.Pp
+.Nm
+does currently not support encryption of the datastream when Kerberos
+authentication is used.
diff --git a/usr.bin/telnet/telnet.1 b/usr.bin/telnet/telnet.1
index fa60f48b8f5..cffff7782d4 100644
--- a/usr.bin/telnet/telnet.1
+++ b/usr.bin/telnet/telnet.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: telnet.1,v 1.27 2000/11/09 17:52:41 aaron Exp $
+.\"	$OpenBSD: telnet.1,v 1.28 2001/06/23 22:14:27 hin Exp $
 .\"	$NetBSD: telnet.1,v 1.5 1996/02/28 21:04:12 thorpej Exp $
 .\"
 .\" Copyright (c) 1983, 1990, 1993
@@ -84,7 +84,7 @@ option on both input and output.
 .It Fl E
 Stops any character from being recognized as an escape character.
 .It Fl F
-If Kerberos V5 authentication is being used, the
+If Kerberos 5 authentication is being used, the
 .Fl F
 option allows the local credentials to be forwarded
 to the remote system, including any credentials that
@@ -143,7 +143,7 @@ If
 is omitted, then
 there will be no escape character.
 .It Fl f
-If Kerberos V5 authentication is being used, the
+If Kerberos 5 authentication is being used, the
 .Fl f
 option allows the local credentials to be forwarded to the remote system.
 .It Fl k Ar realm
@@ -186,7 +186,7 @@ unless modified by the
 .Fl e
 option.
 .It Fl x
-Turns on encryption of the data stream if possible.
+Turns on encryption of the data stream if Kerberos is used.
 .It Ar host
 Indicates the official name, an alias, or the Internet address
 of a remote host.
@@ -356,7 +356,7 @@ The
 .Ic encrypt
 command manipulates the information sent through the
 .Dv TELNET ENCRYPT
-option.
+option that's available when Kerberos is used.
 .Pp
 Valid arguments for the encrypt command are as follows:
 .Bl -tag -width Ar